Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ccleaner Latest Update Infected


  • Please log in to reply
5 replies to this topic

#1 thomcats

thomcats

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 22 July 2007 - 09:09 AM

I was adviced of that the latest version of CCleaner was up for grabs at their site, the version 1.41.544. I downloaded it as ususal and updated my version without probs. I've since used it for a couple of days.

Today I was made aware of by my antivirus BitDefender v10 that the uninstall.exe in that prog was infected by Trojan.Downloader.Zlob.AADO. The virus was removed but the file couldn't be cleaned and thus removed. When consulting the log from BitDefender I could see that not only the uninstall.exe in CCleaner's program folder was removed but listed as infected and thus removed was also the original Setup.exe from the update. As far as I can understand this means that the update was contaminated before it reached my comp in the first place.

I don't know if the contamination has occured at one of the sites where CCleaner can be downloaded or if it has happened at the source so to speak. A word of warning is due though and that you should be extra careful when downloading this update.

Cheers
Thomcats

BC AdBot (Login to Remove)

 


m

#2 HIPPO1023

HIPPO1023

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 22 July 2007 - 09:54 AM

I checked Cclener's uninstall.exe in VirusTotal.

Show the result below:

AhnLab-V3 2007.7.21.0 2007.07.20 no virus found
AntiVir 7.4.0.44 2007.07.21 no virus found
Authentium 4.93.8 2007.07.20 no virus found
Avast 4.7.997.0 2007.07.22 no virus found
AVG 7.5.0.476 2007.07.21 no virus found
BitDefender 7.2 2007.07.22 Trojan.Downloader.Zlob.AADO
CAT-QuickHeal 9.00 2007.07.20 no virus found
ClamAV devel-20070416 2007.07.22 no virus found
DrWeb 4.33 2007.07.22 no virus found
eSafe 7.0.15.0 2007.07.19 no virus found
eTrust-Vet 30.8.3797 2007.07.20 no virus found
Ewido 4.0 2007.07.22 no virus found
FileAdvisor 1 2007.07.22 no virus found
Fortinet 2.91.0.0 2007.07.22 no virus found
F-Prot 4.3.2.48 2007.07.20 no virus found
F-Secure 6.70.13030.0 2007.07.22 no virus found
Ikarus T3.1.1.8 2007.07.22 no virus found
Kaspersky 4.0.2.24 2007.07.22 no virus found
McAfee 5079 2007.07.20 no virus found
Microsoft 1.2704 2007.07.22 no virus found
NOD32v2 2411 2007.07.21 no virus found
Norman 5.80.02 2007.07.20 no virus found
Panda 9.0.0.4 2007.07.22 Suspicious file
Sophos 4.19.0 2007.07.17 no virus found
Sunbelt 2.2.907.0 2007.07.21 no virus found
Symantec 10 2007.07.22 no virus found
TheHacker 6.1.7.151 2007.07.22 no virus found
VBA32 3.12.2.1 2007.07.21 no virus found
VirusBuster 4.3.26:9 2007.07.21 no virus found
Webwasher-Gateway 6.0.1 2007.07.22 no virus found

I think it is false positive.
You can send BitDefender uninstall.exe. BitDifender will examine it.

#3 thomcats

thomcats
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 22 July 2007 - 11:47 AM

Ok!

I have sent the file to Bitdefender but not received a respons as of yet.

It is however removed from my comp and if I want to uninstall the program, I will have to do that via the Control Panel.

Cheers!
Thomcats

#4 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 24 July 2007 - 11:09 AM

I got a new computer yesterday. I'm going to download CCleaner and when I went to their site I noticed that they have posted a notice that this is a false positive.

#5 thomcats

thomcats
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 25 July 2007 - 02:59 AM

Ah! I see! Well, I guess they have been made aware of it. However, it's a bit of a nuisance nonetheless because when the anitvirus program sets into motion automatically as in my case BitDefender, a file is removed from the program. Of course I can uninstall the program in other ways, but one would rather have a complete designed program to start with.

Cheers
Thomcats

#6 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 25 July 2007 - 05:37 AM

Except that it seems to be a problem only with Bit Defender. It's likely something they need to fix as opposed to CCleaner. I have used their online scanner in the past but probably won't for now.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users